Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it
installs all of its own
dependencies and updates the client code automatically.

Installing DNS plugins

Certbot's DNS plugins are not available for your OS yet. These
plugins can be used to automate obtaining a wildcard certificate from Let's
Encrypt's ACMEv2 server. This should change soon but if you don't want to wait,
you can use these plugins now by
running Certbot in Docker
instead of using the instructions on this page.

Get Started

Certbot has an Nginx plugin, which is supported on
many platforms, and automates certificate installation.

$ sudo /path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration
automatically to serve it. If you're feeling more conservative and would like to make the changes to your
Nginx configuration by hand, you can use the certonly
subcommand:

Automating renewal

Certbot can be configured to
renew your certificates automatically before they expire. Since Let's Encrypt
certificates last for 90 days, it's highly advisable to take advantage of this
feature. You can test automatic renewal for your certificates by running this
command:

$ sudo /path/to/certbot-auto renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal
by adding a cron job or systemd timer which runs the
following:

/path/to/certbot-auto renew

Note:

if you're setting up a cron or systemd job, we
recommend running it twice per day (it won't do anything until your
certificates are due for renewal or revoked, but running it regularly would
give your site a chance of staying online in case a Let's Encrypt-initiated
revocation happened for some reason). Please select a random minute within the
hour for your renewal tasks.

An example cron job might look like this, which will run at noon and midnight every day:

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it
is a wrapper that installs all of its own
dependencies and updates the client code automatically.

Note:

certbot-auto will always try to fetch the newest version of
itself from its most recent release. If you want it to be locked to a
specific version and not receive automatic updates, run it with the
--no-self-upgrade flag. Also, if you're nervous about downloading and
running scripts from the network, some extra verification
steps are available.

Installing DNS plugins

Certbot's DNS plugins are not available for your OS yet. These
plugins can be used to automate obtaining a wildcard certificate from Let's
Encrypt's ACMEv2 server. This should change soon but if you don't want to wait,
you can use these plugins now by
running Certbot in Docker
instead of using the instructions on this page.

Get Started

Certbot has an Nginx plugin, which is supported on
many platforms, and automates certificate installation.

$ sudo /path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration
automatically to serve it. If you're feeling more conservative and would like to make the changes to your
Nginx configuration by hand, you can use the certonly
subcommand:

$ sudo /path/to/certbot-auto --nginx certonly

Note:

the Nginx plugin with certonly does the following:

make temporary config changes
(adding a new server block to pass an ACME Challenge)

performs a graceful reload

reverts all changes

performs another graceful reload

This appears to be a reliable process, but if you don't want Certbot
to touch your Nginx process or files in any way, you can use the
webroot
plugin instead.
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to
renew your certificates automatically before they expire. Since Let's Encrypt
certificates last for 90 days, it's highly advisable to take advantage of this
feature. You can test automatic renewal for your certificates by running this
command:

$ sudo /path/to/certbot-auto renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal
by adding a cron job or systemd timer which runs the
following:

/path/to/certbot-auto renew

Note:

if you're setting up a cron or systemd job, we
recommend running it twice per day (it won't do anything until your
certificates are due for renewal or revoked, but running it regularly would
give your site a chance of staying online in case a Let's Encrypt-initiated
revocation happened for some reason). Please select a random minute within the
hour for your renewal tasks.

An example cron job might look like this, which will run at noon and midnight every day: